diff --git a/api/src/App.js b/api/src/App.js
index d2bbe1f14..57a739379 100644
--- a/api/src/App.js
+++ b/api/src/App.js
@@ -67,7 +67,6 @@ export default class App extends AppBase {
csp({
enableWarn: true,
policy: {
- 'default-src': ['none'],
'connect-src': [
'https://www.google-analytics.com/j/collect',
"'self'",
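Review bot: With the `'default-src'` entry removed at the top of `policy`, every fetch directive the policy does not list (object-src, media-src, manifest-src, child-src and so on) loses its fallback and is left unrestricted. The removed value `['none']` lacked the inner quotes, so it was probably emitted as a host named `none` rather than the keyword; the fix for that is to quote it, not to drop the directive: `'default-src': ["'none'"],`. If a strict fallback broke a specific resource type, list that directive explicitly and keep the fallback for the rest. The `csp({ ... })` call starts before this hunk and continues past it.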
@@ -79,16 +78,12 @@ export default class App extends AppBase {
],
'font-src': ["'self'", 'https://fonts.gstatic.com', 'data:'],
'img-src': ["'self'", 'data:', 'https://js-eu1.hsforms.net', 'https://api.hubspot.com', 'https://forms-eu1.hsforms.com', 'https://forms.hsforms.com'],
- 'script-src': [
- "'unsafe-eval'",
- "'self'",
- "'unsafe-inline' https://js-eu1.hsforms.net",
- "'unsafe-inline' https://www.google-analytics.com/analytics.js",
- 'stats.data.gouv.fr',
- ],
+ 'script-src': ["'report-sample' 'self'", 'https://*.hsforms.net', 'https://stats.data.gouv.fr'],
'worker-src': ['blob:'],
'style-src': ["'self'", "'unsafe-inline'"],
'frame-src': ['https://docs.a-just.beta.gouv.fr', 'https://meta.a-just.beta.gouv.fr', 'https://forms-eu1.hsforms.com/'],
+ 'base-uri': ["'self'"],
+ 'form-action': ["'self'"],
},
}),
])
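Review bot: The new `'script-src'` line widens the HubSpot allowance from the single host `https://js-eu1.hsforms.net` in the removed lines to `https://*.hsforms.net`, so script served from any subdomain of that domain is now trusted. Unless more than one host is really needed, pin it and give each source its own array item like the other directives: `'script-src': ["'report-sample'", "'self'", 'https://js-eu1.hsforms.net', 'https://stats.data.gouv.fr'],`. `'report-sample'` only has an effect when violation reports are sent, and no `report-uri` or `report-to` directive is visible in this policy, so either add one or drop the keyword. It is also worth checking that `'form-action': ["'self'"]` does not block the embedded HubSpot forms, in case any of them submit through a regular form post to an hsforms host.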
diff --git a/front/angular.json b/front/angular.json
index d26227d94..cd5a3eedb 100644
--- a/front/angular.json
+++ b/front/angular.json
@@ -70,6 +70,14 @@
},
"configurations": {
"production": {
+ "optimization": {
+ "scripts": true,
+ "styles": {
+ "minify": true,
+ "inlineCritical": false
+ },
+ "fonts": true
+ },
"budgets": [
{
"type": "initial",
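Review bot: `"inlineCritical": false` is the setting here that the CSP change in `api/src/App.js` depends on, and nothing in the change records that link. Angular's critical-CSS inlining rewrites stylesheet links with an inline `onload` handler, which a `script-src` without `'unsafe-inline'` blocks. The same `optimization` block is repeated for `staging` and `sandbox` in the next two hunks (the `sandbox` copy adds a stray blank line after it), and any build configuration not shown here would still emit the inline handler, so confirm that every deployed configuration carries the setting. Since the reason is not obvious from the values, state it in the commit message or the project's build documentation.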
@@ -91,6 +99,14 @@
"outputHashing": "all"
},
"staging": {
+ "optimization": {
+ "scripts": true,
+ "styles": {
+ "minify": true,
+ "inlineCritical": false
+ },
+ "fonts": true
+ },
"budgets": [
{
"type": "initial",
@@ -112,6 +128,15 @@
"outputHashing": "all"
},
"sandbox": {
+ "optimization": {
+ "scripts": true,
+ "styles": {
+ "minify": true,
+ "inlineCritical": false
+ },
+ "fonts": true
+ },
+
"budgets": [
{
"type": "initial",
diff --git a/front/src/app/app.component.ts b/front/src/app/app.component.ts
index c82c1d67f..204c66cf5 100644
--- a/front/src/app/app.component.ts
+++ b/front/src/app/app.component.ts
@@ -50,8 +50,6 @@ export class AppComponent implements AfterViewInit {
document.body.classList.add('iIOS')
}
- this.onControlSSL()
-
router.events
.pipe(filter((event) => event instanceof NavigationEnd))
// @ts-ignore
@@ -99,16 +97,6 @@ export class AppComponent implements AfterViewInit {
ngAfterViewInit(): void {
this.listenSelectElement()
}
- /**
- * Control si on est en SSL ou non
- */
- onControlSSL() {
- if (location.protocol !== 'https:' && environment.forceSSL) {
- location.replace(
- `https:${location.href.substring(location.protocol.length)}`
- )
- }
- }
/**
* Suppression de l'alert et du texte dans le service
diff --git a/front/src/index.html b/front/src/index.html
index 0aadb9a37..f64b2ccd8 100644
--- a/front/src/index.html
+++ b/front/src/index.html
@@ -11,9 +11,6 @@
-